admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-02-20 03:00:34 +00:00
parent 8b7da0eea2
commit 9aa52b038a
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 250 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2023/6xxx/CVE-2023-6398.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP."
"value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP."
}
]
},

111
2023/6xxx/CVE-2023-6764.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6764",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@zyxel.com.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134 Use of Externally-Controlled Format String",
"cweId": "CWE-134"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zyxel",
"product": {
"product_data": [
{
"product_name": "ATP series firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "version 4.32 through 5.37 Patch 1"
}
]
}
},
{
"product_name": "USG FLEX series firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "version 4.50 through 5.37 Patch 1"
}
]
}
},
{
"product_name": "USG FLEX 50(W) series firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "version 4.16 through 5.37 Patch 1"
}
]
}
},
{
"product_name": "USG20(W)-VPN series firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "version 4.16 through 5.37 Patch 1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024",
"refsource": "MISC",
"name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

10
2024/1xxx/CVE-2024-1019.json
View File

@ -59,6 +59,16 @@
"url": "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30",
"refsource": "MISC",
"name": "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V/"
}
]
},

80
2024/1xxx/CVE-2024-1510.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1510",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gn_themes",
"product": {
"product_data": [
{
"product_name": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "7.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee03d780-076b-4501-a353-376198a4bd7b?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee03d780-076b-4501-a353-376198a4bd7b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/tags/7.0.2/includes/shortcodes/tooltip.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/tags/7.0.2/includes/shortcodes/tooltip.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3037436/shortcodes-ultimate/trunk/includes/shortcodes/tooltip.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3037436/shortcodes-ultimate/trunk/includes/shortcodes/tooltip.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "Richard Telleng"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

18
2024/1xxx/CVE-2024-1654.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1654",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/1xxx/CVE-2024-1655.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2024/25xxx/CVE-2024-25442.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.launchpad.net/hugin/+bug/2025032",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/hugin/+bug/2025032"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2024-60cefb07e8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NAV7IMHCOIMBEIW42KM2QUJ4MDQLNW3Z/"
}
]
}

5
2024/25xxx/CVE-2024-25443.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.launchpad.net/hugin/+bug/2025035",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/hugin/+bug/2025035"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2024-60cefb07e8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NAV7IMHCOIMBEIW42KM2QUJ4MDQLNW3Z/"
}
]
}

5
2024/25xxx/CVE-2024-25445.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.launchpad.net/hugin/+bug/2025038",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/hugin/+bug/2025038"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2024-60cefb07e8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NAV7IMHCOIMBEIW42KM2QUJ4MDQLNW3Z/"
}
]
}

5
2024/25xxx/CVE-2024-25446.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.launchpad.net/hugin/+bug/2025037",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/hugin/+bug/2025037"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2024-60cefb07e8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NAV7IMHCOIMBEIW42KM2QUJ4MDQLNW3Z/"
}
]
}